I'm trying to make work nginx 1.4.7 with nodejs websockets
but I'm getting 502 bad gateway

NGINX Error:
[error] 2394#0: *1 upstream prematurely closed connection while reading response header from upstream, client: 127.0.0.1, server: xxx.cz, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8090/", host: "xxx.cz"

my conf:
upstream xxx {
server 127.0.0.1:8090;
}

# the nginx server instance
server {
listen 8085;
server_name xxx.cz xxx;
ssl on;
#ssl_certificate /etc/ssl/xxx/xxx.cz.pem;
ssl_certificate /etc/ssl/xxx/xxx.cz.crt;
ssl_certificate_key /etc/ssl/xxx/xxx.cz.key;

access_log /var/log/nginx/xxx.log;

# pass the request two the node.js server with the correct headers and much more can be added, see nginx config options
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;

#WEBSOCKET
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

proxy_pass http://xxx;
proxy_redirect off;
}
}

THIS IS CURL cmd what I'm using
If I use curl directly without nginx it's working fine.
curl -i -N -vv -H "Connection: Upgrade" -H "Upgrade: websocket" -H "Host: xxx.cz" -H "Origin: https://xxx.cz" -k https://127.0.0.1:8085

RESULT:
* About to connect() to 127.0.0.1 port 8085 (#0)
* Trying 127.0.0.1... connected
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-SHA
* Server certificate:
* subject: serialNumber=aCFUcgALEf6y9h5BHsbSHjMYomt-k6ZQ; OU=GT30082937; OU=See www.rapidssl.com/resources/cps (c)13; OU=Domain Control Validated - RapidSSL(R); CN=xxx.cz
* start date: 2013-09-30 06:29:47 GMT
* expire date: 2014-10-03 05:32:07 GMT
* issuer: C=US; O=GeoTrust, Inc.; CN=RapidSSL CA
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET / HTTP/1.1
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Accept: */*
> Connection: Upgrade
> Upgrade: websocket
> Host: xxx.cz
> Origin: https://xxx.cz
>
< HTTP/1.1 502 Bad Gateway
HTTP/1.1 502 Bad Gateway
< Server: nginx/1.4.7
Server: nginx/1.4.7
< Date: Mon, 07 Apr 2014 11:19:01 GMT
Date: Mon, 07 Apr 2014 11:19:01 GMT
< Content-Type: text/html
Content-Type: text/html
< Content-Length: 172
Content-Length: 172
< Connection: keep-alive
Connection: keep-alive

<
<html>
<head><title>502 Bad Gateway</title></head>
<body bgcolor="white">
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/1.4.7</center>
</body>
</html>
* Connection #0 to host 127.0.0.1 left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):